Description
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
Remediation
References
Related Vulnerabilities
Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-3395)
Moodle Improper Privilege Management Vulnerability (CVE-2020-25699)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4522)
WordPress Plugin Survey Maker-Best WordPress Survey Cross-Site Scripting (3.1.3)